Recently, widespread use of so-called smartphones has led to increase in use of services with user-operated terminal devices accessing server devices set up by service providers. When services are provided in such a mode, authentication is required in some cases in order for the servicer device to identify the user.
Generally, for authentication, a mode is used in which a terminal device transmits to a server device a sign-in request specifying a user name and a password (sign-in). In another mode, an access token is used for eliminating the task of entering a user name and a password when a service is provided again to a terminal device once authenticated with the sign-in request. The access token is recorded in the terminal device and transmitted by the terminal device to the server device for authentication when the user requests a service.
For example, Patent Literature 1 discloses a technique regarding an authentication method using access tokens. According to the technique of the Patent Literature 1, the authorizing server issues an access token to a grantee of the access right in response to a request from a granter of the access right. The grantee of the access right can be authenticated using the issued access token. The technique of the Patent Literature 1 intends to enable access to information permitted by the granter without referring to credit information of the granter (his own user name and password).